Entrust loses internal files in cyberattack – unknown if digital ID data included
Trust management company Entrust says it suffered a cyberattack last month in which some of its internal files were stolen, according to president and chief executive Todd Wilkinson to his customers.
Wilkinson announced the data breach in a note to customers July 6. Security researcher Dominic Alvier obtained the note and posted to Twitter July 21.
“An unauthorized party accessed certain of our systems used for internal operations. We have been working tirelessly to remedy the situation since that moment… We have determined that some files were taken from our internal system. As we continue to investigate the issue, we will contact you directly if we learn information that we believe would affect the security of the products and services we provide to your organisation,” a portion of the note reads.
Wilkinson said at the time he was writing the note, there was no indication that the incident affected the security of Entrust products and services.
“Upon learning of the issue, we informed law enforcement and began working with a leading third-party cyber security firm. Though our investigation continues, we have no evidence of ongoing unauthorized access to our systems and are implementing additional safeguards to help enhance our security,” the note reads.
Entrust sells a variety of digital services to clients in communication, digital payments and digital ID credentials.
In an article on the cyberattack, trade publication Bleeping Computer writes that it learned a ransomware team was behind the incident, which took place on June 18, 2022.
Biometric Update also contacted Entrust for comment, and will update this article if a response is received.
Entrust announced its acquisition of e-signature and biometric ID verification firm, Evidos last month.